Theoretical Domain Framework to Identify Cybersecurity Behaviour Constructs

  • Thulani MashianeEmail author
  • Elmarie Kritzinger
Conference paper
Part of the Lecture Notes in Computer Science book series (LNCS, volume 11937)


Humans are still the weakest link in the cyber security system. In order to correct cybersecurity behaviour, it is important to understand both the behaviour as well as the cause of the behaviour. In an effort towards the latter, researchers have conducted empirical studies that investigate the constructs of cybersecurity behaviour. This approach has led to a plethora of constructs being proposed as the determinates of cybersecurity behavior. The large number of constructs make it difficult to decide which constructs to focus on when designing cybersecurity behavior interventions. This problem is not unique to cybersecurity behaviour. A similar problem exists in the medical domain. One proposed solution, that achieved good results in the medical domain, is the use of the Theoretical Domain Framework. The contribution of the current paper is a mapping of the constructs found in cybersecurity behaviour, to the Theoretical Domain Framework. This has been achieved by a systematic literature survey. The significance of the study is the identification and of the main behavioural constructs used in the cybersecurity domain. The findings of this research are aimed at being used as a basis when planning theory-based interventions for cybersecurity behaviour change.


Cybersecurity Behavior Constructs Theoretical Domain Framework 


  1. 1.
    Abawajy, J.: User preference of cyber security awareness delivery methods. Behav. Inf. Technol. 33, 237–248 (2014)CrossRefGoogle Scholar
  2. 2.
    Cone, B.D., Irvine, C.E., Thompson, M.F., Nguyen, T.D.: A video game for cyber security training and awareness. Comput. Secur. 26, 63–72 (2007)CrossRefGoogle Scholar
  3. 3.
    Halevi, T., Lewis, J., Memon, N.: A pilot study of cyber security and privacy related behavior and personality traits. In: Proceedings of the 22nd International Conference on World Wide Web, pp. 737–744. ACM (2013)Google Scholar
  4. 4.
    Wiederhold, B.K.: The role of psychology in enhancing cybersecurity. Mary Ann Liebert, Inc., New Rochelle (2014)CrossRefGoogle Scholar
  5. 5.
    Proctor, R.W., Chen, J.: The role of human factors/ergonomics in the science of security: decision making and action selection in cyberspace. Hum. Factors 57, 721–727 (2015)CrossRefGoogle Scholar
  6. 6.
    Michie, S., Johnston, M., Abraham, C., Lawton, R., Parker, D., Walker, A.: Making psychological theory useful for implementing evidence based practice: a consensus approach. BMJ Qual. Saf. 14, 26–33 (2005)CrossRefGoogle Scholar
  7. 7.
    Cane, J., O’Connor, D., Michie, S.: Validation of the theoretical domains framework for use in behaviour change and implementation research. Implement. Sci. 7, 37 (2012)CrossRefGoogle Scholar
  8. 8.
    Atkins, L., et al.: A guide to using the Theoretical Domains Framework of behaviour change to investigate implementation problems. Implement. Sci. 12, 77 (2017)CrossRefGoogle Scholar
  9. 9.
    Cane, J., Richardson, M., Johnston, M., Ladha, R., Michie, S.: From lists of behaviour change techniques (BCT s) to structured hierarchies: comparison of two methods of developing a hierarchy of BCT s. Br. J. Health. Psychol. 20, 130–150 (2015)CrossRefGoogle Scholar

Copyright information

© Springer Nature Switzerland AG 2019

Authors and Affiliations

  1. 1.School of ComputingUniversity of South Africa, UNISAPretoriaSouth Africa

Personalised recommendations